No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 9000 V300R006C00 Security Maintenance 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Account List

Account List

This section lists the accounts used in the OceanStor 9000.

Table 2-1 lists the accounts.

Table 2-1  Account list

Type

Account

Description

Operating system

root

Log in to the operating system as user root for system maintenance.

Operating system

omuser

Use SSH to remotely log in to the system as user omuser for routine maintenance.

Operating system

obsbilling

Billing account of the object storage service compatible with Amazon S3 APIs, used to communicate with the billing center.

Operating system

omsftp
The omsftp account is used to:
  • Export event and quota information from the DeviceManager.
  • Import license file using CLI command.
  • Transfer data between SystemReporter and OceanStor 9000.

Toolkit

admin

Use the default account to log in to the system and implement deployment. After the deployment is complete, log in to the system as the super administrator to expand and upgrade the system.

DeviceManager and CLI

admin

Log in to DeviceManager or CLI using the super administrator admin to manage OceanStor 9000.

DeviceManager and CLI

omuser

Log in to DeviceManager or CLI using the administrator omuser to manage OceanStor 9000.

DeviceManager and CLI

securityAdmin

Data encryption administrator that can manage key files, including regenerating, backing up, and recovering key files.

NOTE:
This account exists only when data encryption is enabled during system deployment.

iBMC

root

Manage and maintain the node device of P12E/P25E/P36E/C36E.

IPMI

admin

Manage and maintain the node device of P12/P25/P36/C36.

BIOS

-

Basic input/output system that provides hardware setting and control functions.

NOTE:
This only suits for P12E/P25E/P36E/C36E and P12/P25/P36/C36.

GRUB

-

A manager for starting multiple operating systems.

Serial port

administrator

SES serial port account for C72.

NDMP Service account

ndmp

Used to authenticate the connection between the backup software and the OceanStor 9000.

Channel authentication account

_machine_user

Used to authenticate links between the primary and secondary OceanStor 9000 in remote replication.

Database

gaussdba

Used to log in to the Cloud_upf database that stores information about accounts and users of the object storage service.

Database

gaussdba

Used to log in to the Cloud_mdc database that stores information about accounts and users of the object storage service.

NOTE:
If the source version is upgraded to V300R005C00 or a later version, there will be an SNMP account Kaimse in the system, which can be used to connect to the third-party network management system. You can also run delete snmp usm on the CLI to delete this account and create an SNMP account.

The internal accounts used in the OceanStor 9000 can only be used to manage the system and cannot be used to log in to the system or change the password, as shown in Table 2-2.

NOTE:
You can log in to the Linux operating system and run the userdel command to delete the account.. However, if the account is deleted, some system functions work incorrectly. Do not perform this operation.
Table 2-2  Internal system account list

System User

Usage

daemon

System account for controlling background processes

nobody

Default anonymous Linux account

messagebus

Account for transmitting messages among system processes

haldaemon

Account for monitoring hardware status changes

sshd

SSHD daemon

postfix

Account for the Postfix service

polkituser

Account for enhancing the permissions of and setting permission policies for non-root users

ntp

Account for Network Time Protocol (NTP)

news

Account used by various news servers and related programs in various modes

dhcpd

Account for the DHCPD service

snasuser

Account for starting internal system processes

qemu

Internal account for virtual machine

obs

Account for internal communication of object storage service

gaussdba

Internal operating system account to run database of object storage service

dnsmasq

Account for virtual component

The object storage service of the OceanStor 9000 has the internal accounts shown in Table 2-3, which are only used to perform internal management.
NOTE:
Internal accounts cannot be deleted.
Table 2-3  Internal accounts

Type

Account

Description

Database

upfdb

Internal communication account of the object storage service database.

Default password: IngS739_H

NOTE:
To change the password, run change system gaussdb_password upfdb on the CLI. The new password is also generated at random.

mdcdb

Internal communication account of the object storage service database.

Default password: IngS739_H

NOTE:
To change the password, run change system gaussdb_password mdcfdb on the CLI. The new password is also generated at random.

Account management interface

Admin

Interface used to manage accounts, certificates, and actions of the object storage service (compatible with Amazon S3 APIs).

NOTE:
The initial AK/SK of the account is generated at random when the system is installed. For details about how to obtain the initial AK/SK and how to modify it, see the OceanStor 9000 Account Management Interface Description.

Internal communication

SystemUnitedUserId

Account used when the internal module accesses the object storage service.

NOTE:

The initial AK/SK of the account is generated at random when the system is installed.

You can run ps aux | grep visi on the node which connects the management network cables to check whether visi process exists. If so, this node is the active management node.

Translation
Download
Updated: 2019-04-28

Document ID: EDOC1000122530

Views: 11058

Downloads: 40

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next